]> git.ipfire.org Git - thirdparty/linux.git/blob - net/sched/cls_flower.c
projects / thirdparty / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
[thirdparty/linux.git] / net / sched / cls_flower.c
1 /*
2 * net/sched/cls_flower.c Flower classifier
3 *
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16 #include <linux/workqueue.h>
17
18 #include <linux/if_ether.h>
19 #include <linux/in6.h>
20 #include <linux/ip.h>
21 #include <linux/mpls.h>
22
23 #include <net/sch_generic.h>
24 #include <net/pkt_cls.h>
25 #include <net/ip.h>
26 #include <net/flow_dissector.h>
27 #include <net/geneve.h>
28
29 #include <net/dst.h>
30 #include <net/dst_metadata.h>
31
32 struct fl_flow_key {
33 int indev_ifindex;
34 struct flow_dissector_key_control control;
35 struct flow_dissector_key_control enc_control;
36 struct flow_dissector_key_basic basic;
37 struct flow_dissector_key_eth_addrs eth;
38 struct flow_dissector_key_vlan vlan;
39 struct flow_dissector_key_vlan cvlan;
40 union {
41 struct flow_dissector_key_ipv4_addrs ipv4;
42 struct flow_dissector_key_ipv6_addrs ipv6;
43 };
44 struct flow_dissector_key_ports tp;
45 struct flow_dissector_key_icmp icmp;
46 struct flow_dissector_key_arp arp;
47 struct flow_dissector_key_keyid enc_key_id;
48 union {
49 struct flow_dissector_key_ipv4_addrs enc_ipv4;
50 struct flow_dissector_key_ipv6_addrs enc_ipv6;
51 };
52 struct flow_dissector_key_ports enc_tp;
53 struct flow_dissector_key_mpls mpls;
54 struct flow_dissector_key_tcp tcp;
55 struct flow_dissector_key_ip ip;
56 struct flow_dissector_key_ip enc_ip;
57 struct flow_dissector_key_enc_opts enc_opts;
58 struct flow_dissector_key_ports tp_min;
59 struct flow_dissector_key_ports tp_max;
60 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
61
62 struct fl_flow_mask_range {
63 unsigned short int start;
64 unsigned short int end;
65 };
66
67 struct fl_flow_mask {
68 struct fl_flow_key key;
69 struct fl_flow_mask_range range;
70 u32 flags;
71 struct rhash_head ht_node;
72 struct rhashtable ht;
73 struct rhashtable_params filter_ht_params;
74 struct flow_dissector dissector;
75 struct list_head filters;
76 struct rcu_work rwork;
77 struct list_head list;
78 };
79
80 struct fl_flow_tmplt {
81 struct fl_flow_key dummy_key;
82 struct fl_flow_key mask;
83 struct flow_dissector dissector;
84 struct tcf_chain *chain;
85 };
86
87 struct cls_fl_head {
88 struct rhashtable ht;
89 struct list_head masks;
90 struct rcu_work rwork;
91 struct idr handle_idr;
92 };
93
94 struct cls_fl_filter {
95 struct fl_flow_mask *mask;
96 struct rhash_head ht_node;
97 struct fl_flow_key mkey;
98 struct tcf_exts exts;
99 struct tcf_result res;
100 struct fl_flow_key key;
101 struct list_head list;
102 u32 handle;
103 u32 flags;
104 u32 in_hw_count;
105 struct rcu_work rwork;
106 struct net_device *hw_dev;
107 };
108
109 static const struct rhashtable_params mask_ht_params = {
110 .key_offset = offsetof(struct fl_flow_mask, key),
111 .key_len = sizeof(struct fl_flow_key),
112 .head_offset = offsetof(struct fl_flow_mask, ht_node),
113 .automatic_shrinking = true,
114 };
115
116 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
117 {
118 return mask->range.end - mask->range.start;
119 }
120
121 static void fl_mask_update_range(struct fl_flow_mask *mask)
122 {
123 const u8 *bytes = (const u8 *) &mask->key;
124 size_t size = sizeof(mask->key);
125 size_t i, first = 0, last;
126
127 for (i = 0; i < size; i++) {
128 if (bytes[i]) {
129 first = i;
130 break;
131 }
132 }
133 last = first;
134 for (i = size - 1; i != first; i--) {
135 if (bytes[i]) {
136 last = i;
137 break;
138 }
139 }
140 mask->range.start = rounddown(first, sizeof(long));
141 mask->range.end = roundup(last + 1, sizeof(long));
142 }
143
144 static void *fl_key_get_start(struct fl_flow_key *key,
145 const struct fl_flow_mask *mask)
146 {
147 return (u8 *) key + mask->range.start;
148 }
149
150 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
151 struct fl_flow_mask *mask)
152 {
153 const long *lkey = fl_key_get_start(key, mask);
154 const long *lmask = fl_key_get_start(&mask->key, mask);
155 long *lmkey = fl_key_get_start(mkey, mask);
156 int i;
157
158 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
159 *lmkey++ = *lkey++ & *lmask++;
160 }
161
162 static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
163 struct fl_flow_mask *mask)
164 {
165 const long *lmask = fl_key_get_start(&mask->key, mask);
166 const long *ltmplt;
167 int i;
168
169 if (!tmplt)
170 return true;
171 ltmplt = fl_key_get_start(&tmplt->mask, mask);
172 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
173 if (~*ltmplt++ & *lmask++)
174 return false;
175 }
176 return true;
177 }
178
179 static void fl_clear_masked_range(struct fl_flow_key *key,
180 struct fl_flow_mask *mask)
181 {
182 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
183 }
184
185 static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter,
186 struct fl_flow_key *key,
187 struct fl_flow_key *mkey)
188 {
189 __be16 min_mask, max_mask, min_val, max_val;
190
191 min_mask = htons(filter->mask->key.tp_min.dst);
192 max_mask = htons(filter->mask->key.tp_max.dst);
193 min_val = htons(filter->key.tp_min.dst);
194 max_val = htons(filter->key.tp_max.dst);
195
196 if (min_mask && max_mask) {
197 if (htons(key->tp.dst) < min_val ||
198 htons(key->tp.dst) > max_val)
199 return false;
200
201 /* skb does not have min and max values */
202 mkey->tp_min.dst = filter->mkey.tp_min.dst;
203 mkey->tp_max.dst = filter->mkey.tp_max.dst;
204 }
205 return true;
206 }
207
208 static bool fl_range_port_src_cmp(struct cls_fl_filter *filter,
209 struct fl_flow_key *key,
210 struct fl_flow_key *mkey)
211 {
212 __be16 min_mask, max_mask, min_val, max_val;
213
214 min_mask = htons(filter->mask->key.tp_min.src);
215 max_mask = htons(filter->mask->key.tp_max.src);
216 min_val = htons(filter->key.tp_min.src);
217 max_val = htons(filter->key.tp_max.src);
218
219 if (min_mask && max_mask) {
220 if (htons(key->tp.src) < min_val ||
221 htons(key->tp.src) > max_val)
222 return false;
223
224 /* skb does not have min and max values */
225 mkey->tp_min.src = filter->mkey.tp_min.src;
226 mkey->tp_max.src = filter->mkey.tp_max.src;
227 }
228 return true;
229 }
230
231 static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask,
232 struct fl_flow_key *mkey)
233 {
234 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
235 mask->filter_ht_params);
236 }
237
238 static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask,
239 struct fl_flow_key *mkey,
240 struct fl_flow_key *key)
241 {
242 struct cls_fl_filter *filter, *f;
243
244 list_for_each_entry_rcu(filter, &mask->filters, list) {
245 if (!fl_range_port_dst_cmp(filter, key, mkey))
246 continue;
247
248 if (!fl_range_port_src_cmp(filter, key, mkey))
249 continue;
250
251 f = __fl_lookup(mask, mkey);
252 if (f)
253 return f;
254 }
255 return NULL;
256 }
257
258 static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
259 struct fl_flow_key *mkey,
260 struct fl_flow_key *key)
261 {
262 if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE))
263 return fl_lookup_range(mask, mkey, key);
264
265 return __fl_lookup(mask, mkey);
266 }
267
268 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
269 struct tcf_result *res)
270 {
271 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
272 struct cls_fl_filter *f;
273 struct fl_flow_mask *mask;
274 struct fl_flow_key skb_key;
275 struct fl_flow_key skb_mkey;
276
277 list_for_each_entry_rcu(mask, &head->masks, list) {
278 fl_clear_masked_range(&skb_key, mask);
279
280 skb_key.indev_ifindex = skb->skb_iif;
281 /* skb_flow_dissect() does not set n_proto in case an unknown
282 * protocol, so do it rather here.
283 */
284 skb_key.basic.n_proto = skb->protocol;
285 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
286 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
287
288 fl_set_masked_key(&skb_mkey, &skb_key, mask);
289
290 f = fl_lookup(mask, &skb_mkey, &skb_key);
291 if (f && !tc_skip_sw(f->flags)) {
292 *res = f->res;
293 return tcf_exts_exec(skb, &f->exts, res);
294 }
295 }
296 return -1;
297 }
298
299 static int fl_init(struct tcf_proto *tp)
300 {
301 struct cls_fl_head *head;
302
303 head = kzalloc(sizeof(*head), GFP_KERNEL);
304 if (!head)
305 return -ENOBUFS;
306
307 INIT_LIST_HEAD_RCU(&head->masks);
308 rcu_assign_pointer(tp->root, head);
309 idr_init(&head->handle_idr);
310
311 return rhashtable_init(&head->ht, &mask_ht_params);
312 }
313
314 static void fl_mask_free(struct fl_flow_mask *mask)
315 {
316 rhashtable_destroy(&mask->ht);
317 kfree(mask);
318 }
319
320 static void fl_mask_free_work(struct work_struct *work)
321 {
322 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
323 struct fl_flow_mask, rwork);
324
325 fl_mask_free(mask);
326 }
327
328 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask,
329 bool async)
330 {
331 if (!list_empty(&mask->filters))
332 return false;
333
334 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
335 list_del_rcu(&mask->list);
336 if (async)
337 tcf_queue_work(&mask->rwork, fl_mask_free_work);
338 else
339 fl_mask_free(mask);
340
341 return true;
342 }
343
344 static void __fl_destroy_filter(struct cls_fl_filter *f)
345 {
346 tcf_exts_destroy(&f->exts);
347 tcf_exts_put_net(&f->exts);
348 kfree(f);
349 }
350
351 static void fl_destroy_filter_work(struct work_struct *work)
352 {
353 struct cls_fl_filter *f = container_of(to_rcu_work(work),
354 struct cls_fl_filter, rwork);
355
356 rtnl_lock();
357 __fl_destroy_filter(f);
358 rtnl_unlock();
359 }
360
361 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
362 struct netlink_ext_ack *extack)
363 {
364 struct tc_cls_flower_offload cls_flower = {};
365 struct tcf_block *block = tp->chain->block;
366
367 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
368 cls_flower.command = TC_CLSFLOWER_DESTROY;
369 cls_flower.cookie = (unsigned long) f;
370
371 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
372 tcf_block_offload_dec(block, &f->flags);
373 }
374
375 static int fl_hw_replace_filter(struct tcf_proto *tp,
376 struct cls_fl_filter *f,
377 struct netlink_ext_ack *extack)
378 {
379 struct tc_cls_flower_offload cls_flower = {};
380 struct tcf_block *block = tp->chain->block;
381 bool skip_sw = tc_skip_sw(f->flags);
382 int err;
383
384 cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts));
385 if (!cls_flower.rule)
386 return -ENOMEM;
387
388 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
389 cls_flower.command = TC_CLSFLOWER_REPLACE;
390 cls_flower.cookie = (unsigned long) f;
391 cls_flower.rule->match.dissector = &f->mask->dissector;
392 cls_flower.rule->match.mask = &f->mask->key;
393 cls_flower.rule->match.key = &f->mkey;
394 cls_flower.classid = f->res.classid;
395
396 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts);
397 if (err) {
398 kfree(cls_flower.rule);
399 if (skip_sw) {
400 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
401 return err;
402 }
403 return 0;
404 }
405
406 err = tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, skip_sw);
407 kfree(cls_flower.rule);
408
409 if (err < 0) {
410 fl_hw_destroy_filter(tp, f, NULL);
411 return err;
412 } else if (err > 0) {
413 f->in_hw_count = err;
414 tcf_block_offload_inc(block, &f->flags);
415 }
416
417 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
418 return -EINVAL;
419
420 return 0;
421 }
422
423 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
424 {
425 struct tc_cls_flower_offload cls_flower = {};
426 struct tcf_block *block = tp->chain->block;
427
428 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
429 cls_flower.command = TC_CLSFLOWER_STATS;
430 cls_flower.cookie = (unsigned long) f;
431 cls_flower.classid = f->res.classid;
432
433 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
434
435 tcf_exts_stats_update(&f->exts, cls_flower.stats.bytes,
436 cls_flower.stats.pkts,
437 cls_flower.stats.lastused);
438 }
439
440 static bool __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
441 struct netlink_ext_ack *extack)
442 {
443 struct cls_fl_head *head = rtnl_dereference(tp->root);
444 bool async = tcf_exts_get_net(&f->exts);
445 bool last;
446
447 idr_remove(&head->handle_idr, f->handle);
448 list_del_rcu(&f->list);
449 last = fl_mask_put(head, f->mask, async);
450 if (!tc_skip_hw(f->flags))
451 fl_hw_destroy_filter(tp, f, extack);
452 tcf_unbind_filter(tp, &f->res);
453 if (async)
454 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
455 else
456 __fl_destroy_filter(f);
457
458 return last;
459 }
460
461 static void fl_destroy_sleepable(struct work_struct *work)
462 {
463 struct cls_fl_head *head = container_of(to_rcu_work(work),
464 struct cls_fl_head,
465 rwork);
466
467 rhashtable_destroy(&head->ht);
468 kfree(head);
469 module_put(THIS_MODULE);
470 }
471
472 static void fl_destroy(struct tcf_proto *tp, bool rtnl_held,
473 struct netlink_ext_ack *extack)
474 {
475 struct cls_fl_head *head = rtnl_dereference(tp->root);
476 struct fl_flow_mask *mask, *next_mask;
477 struct cls_fl_filter *f, *next;
478
479 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
480 list_for_each_entry_safe(f, next, &mask->filters, list) {
481 if (__fl_delete(tp, f, extack))
482 break;
483 }
484 }
485 idr_destroy(&head->handle_idr);
486
487 __module_get(THIS_MODULE);
488 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
489 }
490
491 static void *fl_get(struct tcf_proto *tp, u32 handle)
492 {
493 struct cls_fl_head *head = rtnl_dereference(tp->root);
494
495 return idr_find(&head->handle_idr, handle);
496 }
497
498 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
499 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
500 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
501 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
502 .len = IFNAMSIZ },
503 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
504 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
505 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
506 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
507 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
508 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
509 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
510 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
511 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
512 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
513 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
514 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
515 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
516 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
517 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
518 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
519 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
520 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
521 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
522 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
523 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
524 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
525 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
526 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
527 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
528 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
529 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
530 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
531 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
532 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
533 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
534 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
535 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
536 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
537 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
538 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
539 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
540 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
541 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
542 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
543 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
544 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
545 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
546 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
547 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
548 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
549 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
550 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
551 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
552 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
553 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
554 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
555 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
556 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
557 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
558 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
559 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
560 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
561 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
562 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
563 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
564 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
565 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
566 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
567 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
568 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
569 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
570 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
571 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
572 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
573 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
574 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
575 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
576 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
577 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
578 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
579 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
580 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
581 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
582 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
583 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
584 };
585
586 static const struct nla_policy
587 enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
588 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
589 };
590
591 static const struct nla_policy
592 geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
593 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
594 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
595 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
596 .len = 128 },
597 };
598
599 static void fl_set_key_val(struct nlattr **tb,
600 void *val, int val_type,
601 void *mask, int mask_type, int len)
602 {
603 if (!tb[val_type])
604 return;
605 memcpy(val, nla_data(tb[val_type]), len);
606 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
607 memset(mask, 0xff, len);
608 else
609 memcpy(mask, nla_data(tb[mask_type]), len);
610 }
611
612 static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
613 struct fl_flow_key *mask)
614 {
615 fl_set_key_val(tb, &key->tp_min.dst,
616 TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_min.dst,
617 TCA_FLOWER_UNSPEC, sizeof(key->tp_min.dst));
618 fl_set_key_val(tb, &key->tp_max.dst,
619 TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_max.dst,
620 TCA_FLOWER_UNSPEC, sizeof(key->tp_max.dst));
621 fl_set_key_val(tb, &key->tp_min.src,
622 TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_min.src,
623 TCA_FLOWER_UNSPEC, sizeof(key->tp_min.src));
624 fl_set_key_val(tb, &key->tp_max.src,
625 TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_max.src,
626 TCA_FLOWER_UNSPEC, sizeof(key->tp_max.src));
627
628 if ((mask->tp_min.dst && mask->tp_max.dst &&
629 htons(key->tp_max.dst) <= htons(key->tp_min.dst)) ||
630 (mask->tp_min.src && mask->tp_max.src &&
631 htons(key->tp_max.src) <= htons(key->tp_min.src)))
632 return -EINVAL;
633
634 return 0;
635 }
636
637 static int fl_set_key_mpls(struct nlattr **tb,
638 struct flow_dissector_key_mpls *key_val,
639 struct flow_dissector_key_mpls *key_mask)
640 {
641 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
642 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
643 key_mask->mpls_ttl = MPLS_TTL_MASK;
644 }
645 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
646 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
647
648 if (bos & ~MPLS_BOS_MASK)
649 return -EINVAL;
650 key_val->mpls_bos = bos;
651 key_mask->mpls_bos = MPLS_BOS_MASK;
652 }
653 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
654 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
655
656 if (tc & ~MPLS_TC_MASK)
657 return -EINVAL;
658 key_val->mpls_tc = tc;
659 key_mask->mpls_tc = MPLS_TC_MASK;
660 }
661 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
662 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
663
664 if (label & ~MPLS_LABEL_MASK)
665 return -EINVAL;
666 key_val->mpls_label = label;
667 key_mask->mpls_label = MPLS_LABEL_MASK;
668 }
669 return 0;
670 }
671
672 static void fl_set_key_vlan(struct nlattr **tb,
673 __be16 ethertype,
674 int vlan_id_key, int vlan_prio_key,
675 struct flow_dissector_key_vlan *key_val,
676 struct flow_dissector_key_vlan *key_mask)
677 {
678 #define VLAN_PRIORITY_MASK 0x7
679
680 if (tb[vlan_id_key]) {
681 key_val->vlan_id =
682 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
683 key_mask->vlan_id = VLAN_VID_MASK;
684 }
685 if (tb[vlan_prio_key]) {
686 key_val->vlan_priority =
687 nla_get_u8(tb[vlan_prio_key]) &
688 VLAN_PRIORITY_MASK;
689 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
690 }
691 key_val->vlan_tpid = ethertype;
692 key_mask->vlan_tpid = cpu_to_be16(~0);
693 }
694
695 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
696 u32 *dissector_key, u32 *dissector_mask,
697 u32 flower_flag_bit, u32 dissector_flag_bit)
698 {
699 if (flower_mask & flower_flag_bit) {
700 *dissector_mask |= dissector_flag_bit;
701 if (flower_key & flower_flag_bit)
702 *dissector_key |= dissector_flag_bit;
703 }
704 }
705
706 static int fl_set_key_flags(struct nlattr **tb,
707 u32 *flags_key, u32 *flags_mask)
708 {
709 u32 key, mask;
710
711 /* mask is mandatory for flags */
712 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
713 return -EINVAL;
714
715 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
716 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
717
718 *flags_key = 0;
719 *flags_mask = 0;
720
721 fl_set_key_flag(key, mask, flags_key, flags_mask,
722 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
723 fl_set_key_flag(key, mask, flags_key, flags_mask,
724 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
725 FLOW_DIS_FIRST_FRAG);
726
727 return 0;
728 }
729
730 static void fl_set_key_ip(struct nlattr **tb, bool encap,
731 struct flow_dissector_key_ip *key,
732 struct flow_dissector_key_ip *mask)
733 {
734 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
735 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
736 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
737 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
738
739 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
740 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
741 }
742
743 static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
744 int depth, int option_len,
745 struct netlink_ext_ack *extack)
746 {
747 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
748 struct nlattr *class = NULL, *type = NULL, *data = NULL;
749 struct geneve_opt *opt;
750 int err, data_len = 0;
751
752 if (option_len > sizeof(struct geneve_opt))
753 data_len = option_len - sizeof(struct geneve_opt);
754
755 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
756 memset(opt, 0xff, option_len);
757 opt->length = data_len / 4;
758 opt->r1 = 0;
759 opt->r2 = 0;
760 opt->r3 = 0;
761
762 /* If no mask has been prodived we assume an exact match. */
763 if (!depth)
764 return sizeof(struct geneve_opt) + data_len;
765
766 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
767 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
768 return -EINVAL;
769 }
770
771 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
772 nla, geneve_opt_policy, extack);
773 if (err < 0)
774 return err;
775
776 /* We are not allowed to omit any of CLASS, TYPE or DATA
777 * fields from the key.
778 */
779 if (!option_len &&
780 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
781 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
782 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
783 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
784 return -EINVAL;
785 }
786
787 /* Omitting any of CLASS, TYPE or DATA fields is allowed
788 * for the mask.
789 */
790 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
791 int new_len = key->enc_opts.len;
792
793 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
794 data_len = nla_len(data);
795 if (data_len < 4) {
796 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
797 return -ERANGE;
798 }
799 if (data_len % 4) {
800 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
801 return -ERANGE;
802 }
803
804 new_len += sizeof(struct geneve_opt) + data_len;
805 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
806 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
807 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
808 return -ERANGE;
809 }
810 opt->length = data_len / 4;
811 memcpy(opt->opt_data, nla_data(data), data_len);
812 }
813
814 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
815 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
816 opt->opt_class = nla_get_be16(class);
817 }
818
819 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
820 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
821 opt->type = nla_get_u8(type);
822 }
823
824 return sizeof(struct geneve_opt) + data_len;
825 }
826
827 static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
828 struct fl_flow_key *mask,
829 struct netlink_ext_ack *extack)
830 {
831 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
832 int err, option_len, key_depth, msk_depth = 0;
833
834 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS],
835 TCA_FLOWER_KEY_ENC_OPTS_MAX,
836 enc_opts_policy, extack);
837 if (err)
838 return err;
839
840 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
841
842 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
843 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
844 TCA_FLOWER_KEY_ENC_OPTS_MAX,
845 enc_opts_policy, extack);
846 if (err)
847 return err;
848
849 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
850 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
851 }
852
853 nla_for_each_attr(nla_opt_key, nla_enc_key,
854 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
855 switch (nla_type(nla_opt_key)) {
856 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
857 option_len = 0;
858 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
859 option_len = fl_set_geneve_opt(nla_opt_key, key,
860 key_depth, option_len,
861 extack);
862 if (option_len < 0)
863 return option_len;
864
865 key->enc_opts.len += option_len;
866 /* At the same time we need to parse through the mask
867 * in order to verify exact and mask attribute lengths.
868 */
869 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
870 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
871 msk_depth, option_len,
872 extack);
873 if (option_len < 0)
874 return option_len;
875
876 mask->enc_opts.len += option_len;
877 if (key->enc_opts.len != mask->enc_opts.len) {
878 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
879 return -EINVAL;
880 }
881
882 if (msk_depth)
883 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
884 break;
885 default:
886 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
887 return -EINVAL;
888 }
889 }
890
891 return 0;
892 }
893
894 static int fl_set_key(struct net *net, struct nlattr **tb,
895 struct fl_flow_key *key, struct fl_flow_key *mask,
896 struct netlink_ext_ack *extack)
897 {
898 __be16 ethertype;
899 int ret = 0;
900 #ifdef CONFIG_NET_CLS_IND
901 if (tb[TCA_FLOWER_INDEV]) {
902 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
903 if (err < 0)
904 return err;
905 key->indev_ifindex = err;
906 mask->indev_ifindex = 0xffffffff;
907 }
908 #endif
909
910 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
911 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
912 sizeof(key->eth.dst));
913 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
914 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
915 sizeof(key->eth.src));
916
917 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
918 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
919
920 if (eth_type_vlan(ethertype)) {
921 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
922 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
923 &mask->vlan);
924
925 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
926 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
927 if (eth_type_vlan(ethertype)) {
928 fl_set_key_vlan(tb, ethertype,
929 TCA_FLOWER_KEY_CVLAN_ID,
930 TCA_FLOWER_KEY_CVLAN_PRIO,
931 &key->cvlan, &mask->cvlan);
932 fl_set_key_val(tb, &key->basic.n_proto,
933 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
934 &mask->basic.n_proto,
935 TCA_FLOWER_UNSPEC,
936 sizeof(key->basic.n_proto));
937 } else {
938 key->basic.n_proto = ethertype;
939 mask->basic.n_proto = cpu_to_be16(~0);
940 }
941 }
942 } else {
943 key->basic.n_proto = ethertype;
944 mask->basic.n_proto = cpu_to_be16(~0);
945 }
946 }
947
948 if (key->basic.n_proto == htons(ETH_P_IP) ||
949 key->basic.n_proto == htons(ETH_P_IPV6)) {
950 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
951 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
952 sizeof(key->basic.ip_proto));
953 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
954 }
955
956 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
957 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
958 mask->control.addr_type = ~0;
959 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
960 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
961 sizeof(key->ipv4.src));
962 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
963 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
964 sizeof(key->ipv4.dst));
965 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
966 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
967 mask->control.addr_type = ~0;
968 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
969 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
970 sizeof(key->ipv6.src));
971 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
972 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
973 sizeof(key->ipv6.dst));
974 }
975
976 if (key->basic.ip_proto == IPPROTO_TCP) {
977 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
978 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
979 sizeof(key->tp.src));
980 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
981 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
982 sizeof(key->tp.dst));
983 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
984 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
985 sizeof(key->tcp.flags));
986 } else if (key->basic.ip_proto == IPPROTO_UDP) {
987 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
988 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
989 sizeof(key->tp.src));
990 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
991 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
992 sizeof(key->tp.dst));
993 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
994 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
995 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
996 sizeof(key->tp.src));
997 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
998 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
999 sizeof(key->tp.dst));
1000 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
1001 key->basic.ip_proto == IPPROTO_ICMP) {
1002 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
1003 &mask->icmp.type,
1004 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1005 sizeof(key->icmp.type));
1006 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
1007 &mask->icmp.code,
1008 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1009 sizeof(key->icmp.code));
1010 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1011 key->basic.ip_proto == IPPROTO_ICMPV6) {
1012 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
1013 &mask->icmp.type,
1014 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1015 sizeof(key->icmp.type));
1016 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
1017 &mask->icmp.code,
1018 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1019 sizeof(key->icmp.code));
1020 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
1021 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
1022 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
1023 if (ret)
1024 return ret;
1025 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
1026 key->basic.n_proto == htons(ETH_P_RARP)) {
1027 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
1028 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
1029 sizeof(key->arp.sip));
1030 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
1031 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
1032 sizeof(key->arp.tip));
1033 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
1034 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
1035 sizeof(key->arp.op));
1036 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1037 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1038 sizeof(key->arp.sha));
1039 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1040 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1041 sizeof(key->arp.tha));
1042 }
1043
1044 if (key->basic.ip_proto == IPPROTO_TCP ||
1045 key->basic.ip_proto == IPPROTO_UDP ||
1046 key->basic.ip_proto == IPPROTO_SCTP) {
1047 ret = fl_set_key_port_range(tb, key, mask);
1048 if (ret)
1049 return ret;
1050 }
1051
1052 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
1053 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
1054 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1055 mask->enc_control.addr_type = ~0;
1056 fl_set_key_val(tb, &key->enc_ipv4.src,
1057 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1058 &mask->enc_ipv4.src,
1059 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1060 sizeof(key->enc_ipv4.src));
1061 fl_set_key_val(tb, &key->enc_ipv4.dst,
1062 TCA_FLOWER_KEY_ENC_IPV4_DST,
1063 &mask->enc_ipv4.dst,
1064 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1065 sizeof(key->enc_ipv4.dst));
1066 }
1067
1068 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
1069 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
1070 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1071 mask->enc_control.addr_type = ~0;
1072 fl_set_key_val(tb, &key->enc_ipv6.src,
1073 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1074 &mask->enc_ipv6.src,
1075 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1076 sizeof(key->enc_ipv6.src));
1077 fl_set_key_val(tb, &key->enc_ipv6.dst,
1078 TCA_FLOWER_KEY_ENC_IPV6_DST,
1079 &mask->enc_ipv6.dst,
1080 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1081 sizeof(key->enc_ipv6.dst));
1082 }
1083
1084 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
1085 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
1086 sizeof(key->enc_key_id.keyid));
1087
1088 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1089 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1090 sizeof(key->enc_tp.src));
1091
1092 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1093 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1094 sizeof(key->enc_tp.dst));
1095
1096 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
1097
1098 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
1099 ret = fl_set_enc_opt(tb, key, mask, extack);
1100 if (ret)
1101 return ret;
1102 }
1103
1104 if (tb[TCA_FLOWER_KEY_FLAGS])
1105 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
1106
1107 return ret;
1108 }
1109
1110 static void fl_mask_copy(struct fl_flow_mask *dst,
1111 struct fl_flow_mask *src)
1112 {
1113 const void *psrc = fl_key_get_start(&src->key, src);
1114 void *pdst = fl_key_get_start(&dst->key, src);
1115
1116 memcpy(pdst, psrc, fl_mask_range(src));
1117 dst->range = src->range;
1118 }
1119
1120 static const struct rhashtable_params fl_ht_params = {
1121 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
1122 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1123 .automatic_shrinking = true,
1124 };
1125
1126 static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1127 {
1128 mask->filter_ht_params = fl_ht_params;
1129 mask->filter_ht_params.key_len = fl_mask_range(mask);
1130 mask->filter_ht_params.key_offset += mask->range.start;
1131
1132 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1133 }
1134
1135 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1136 #define FL_KEY_MEMBER_SIZE(member) FIELD_SIZEOF(struct fl_flow_key, member)
1137
1138 #define FL_KEY_IS_MASKED(mask, member) \
1139 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1140 0, FL_KEY_MEMBER_SIZE(member)) \
1141
1142 #define FL_KEY_SET(keys, cnt, id, member) \
1143 do { \
1144 keys[cnt].key_id = id; \
1145 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1146 cnt++; \
1147 } while(0);
1148
1149 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1150 do { \
1151 if (FL_KEY_IS_MASKED(mask, member)) \
1152 FL_KEY_SET(keys, cnt, id, member); \
1153 } while(0);
1154
1155 static void fl_init_dissector(struct flow_dissector *dissector,
1156 struct fl_flow_key *mask)
1157 {
1158 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1159 size_t cnt = 0;
1160
1161 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
1162 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
1163 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1164 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
1165 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1166 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
1167 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1168 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
1169 if (FL_KEY_IS_MASKED(mask, tp) ||
1170 FL_KEY_IS_MASKED(mask, tp_min) || FL_KEY_IS_MASKED(mask, tp_max))
1171 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_PORTS, tp);
1172 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1173 FLOW_DISSECTOR_KEY_IP, ip);
1174 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1175 FLOW_DISSECTOR_KEY_TCP, tcp);
1176 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1177 FLOW_DISSECTOR_KEY_ICMP, icmp);
1178 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1179 FLOW_DISSECTOR_KEY_ARP, arp);
1180 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1181 FLOW_DISSECTOR_KEY_MPLS, mpls);
1182 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1183 FLOW_DISSECTOR_KEY_VLAN, vlan);
1184 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1185 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
1186 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1187 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
1188 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1189 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
1190 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1191 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
1192 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1193 FL_KEY_IS_MASKED(mask, enc_ipv6))
1194 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1195 enc_control);
1196 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1197 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
1198 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1199 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
1200 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1201 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
1202
1203 skb_flow_dissector_init(dissector, keys, cnt);
1204 }
1205
1206 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1207 struct fl_flow_mask *mask)
1208 {
1209 struct fl_flow_mask *newmask;
1210 int err;
1211
1212 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1213 if (!newmask)
1214 return ERR_PTR(-ENOMEM);
1215
1216 fl_mask_copy(newmask, mask);
1217
1218 if ((newmask->key.tp_min.dst && newmask->key.tp_max.dst) ||
1219 (newmask->key.tp_min.src && newmask->key.tp_max.src))
1220 newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE;
1221
1222 err = fl_init_mask_hashtable(newmask);
1223 if (err)
1224 goto errout_free;
1225
1226 fl_init_dissector(&newmask->dissector, &newmask->key);
1227
1228 INIT_LIST_HEAD_RCU(&newmask->filters);
1229
1230 err = rhashtable_insert_fast(&head->ht, &newmask->ht_node,
1231 mask_ht_params);
1232 if (err)
1233 goto errout_destroy;
1234
1235 list_add_tail_rcu(&newmask->list, &head->masks);
1236
1237 return newmask;
1238
1239 errout_destroy:
1240 rhashtable_destroy(&newmask->ht);
1241 errout_free:
1242 kfree(newmask);
1243
1244 return ERR_PTR(err);
1245 }
1246
1247 static int fl_check_assign_mask(struct cls_fl_head *head,
1248 struct cls_fl_filter *fnew,
1249 struct cls_fl_filter *fold,
1250 struct fl_flow_mask *mask)
1251 {
1252 struct fl_flow_mask *newmask;
1253
1254 fnew->mask = rhashtable_lookup_fast(&head->ht, mask, mask_ht_params);
1255 if (!fnew->mask) {
1256 if (fold)
1257 return -EINVAL;
1258
1259 newmask = fl_create_new_mask(head, mask);
1260 if (IS_ERR(newmask))
1261 return PTR_ERR(newmask);
1262
1263 fnew->mask = newmask;
1264 } else if (fold && fold->mask != fnew->mask) {
1265 return -EINVAL;
1266 }
1267
1268 return 0;
1269 }
1270
1271 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1272 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1273 unsigned long base, struct nlattr **tb,
1274 struct nlattr *est, bool ovr,
1275 struct fl_flow_tmplt *tmplt,
1276 struct netlink_ext_ack *extack)
1277 {
1278 int err;
1279
1280 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, true,
1281 extack);
1282 if (err < 0)
1283 return err;
1284
1285 if (tb[TCA_FLOWER_CLASSID]) {
1286 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1287 tcf_bind_filter(tp, &f->res, base);
1288 }
1289
1290 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
1291 if (err)
1292 return err;
1293
1294 fl_mask_update_range(mask);
1295 fl_set_masked_key(&f->mkey, &f->key, mask);
1296
1297 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1298 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1299 return -EINVAL;
1300 }
1301
1302 return 0;
1303 }
1304
1305 static int fl_change(struct net *net, struct sk_buff *in_skb,
1306 struct tcf_proto *tp, unsigned long base,
1307 u32 handle, struct nlattr **tca,
1308 void **arg, bool ovr, bool rtnl_held,
1309 struct netlink_ext_ack *extack)
1310 {
1311 struct cls_fl_head *head = rtnl_dereference(tp->root);
1312 struct cls_fl_filter *fold = *arg;
1313 struct cls_fl_filter *fnew;
1314 struct fl_flow_mask *mask;
1315 struct nlattr **tb;
1316 int err;
1317
1318 if (!tca[TCA_OPTIONS])
1319 return -EINVAL;
1320
1321 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
1322 if (!mask)
1323 return -ENOBUFS;
1324
1325 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1326 if (!tb) {
1327 err = -ENOBUFS;
1328 goto errout_mask_alloc;
1329 }
1330
1331 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1332 fl_policy, NULL);
1333 if (err < 0)
1334 goto errout_tb;
1335
1336 if (fold && handle && fold->handle != handle) {
1337 err = -EINVAL;
1338 goto errout_tb;
1339 }
1340
1341 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
1342 if (!fnew) {
1343 err = -ENOBUFS;
1344 goto errout_tb;
1345 }
1346
1347 err = tcf_exts_init(&fnew->exts, net, TCA_FLOWER_ACT, 0);
1348 if (err < 0)
1349 goto errout;
1350
1351 if (tb[TCA_FLOWER_FLAGS]) {
1352 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1353
1354 if (!tc_flags_valid(fnew->flags)) {
1355 err = -EINVAL;
1356 goto errout;
1357 }
1358 }
1359
1360 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr,
1361 tp->chain->tmplt_priv, extack);
1362 if (err)
1363 goto errout;
1364
1365 err = fl_check_assign_mask(head, fnew, fold, mask);
1366 if (err)
1367 goto errout;
1368
1369 if (!handle) {
1370 handle = 1;
1371 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1372 INT_MAX, GFP_KERNEL);
1373 } else if (!fold) {
1374 /* user specifies a handle and it doesn't exist */
1375 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1376 handle, GFP_KERNEL);
1377 }
1378 if (err)
1379 goto errout_mask;
1380 fnew->handle = handle;
1381
1382 if (!fold && __fl_lookup(fnew->mask, &fnew->mkey)) {
1383 err = -EEXIST;
1384 goto errout_idr;
1385 }
1386
1387 err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
1388 fnew->mask->filter_ht_params);
1389 if (err)
1390 goto errout_idr;
1391
1392 if (!tc_skip_hw(fnew->flags)) {
1393 err = fl_hw_replace_filter(tp, fnew, extack);
1394 if (err)
1395 goto errout_mask_ht;
1396 }
1397
1398 if (!tc_in_hw(fnew->flags))
1399 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1400
1401 if (fold) {
1402 rhashtable_remove_fast(&fold->mask->ht,
1403 &fold->ht_node,
1404 fold->mask->filter_ht_params);
1405 if (!tc_skip_hw(fold->flags))
1406 fl_hw_destroy_filter(tp, fold, NULL);
1407 }
1408
1409 *arg = fnew;
1410
1411 if (fold) {
1412 idr_replace(&head->handle_idr, fnew, fnew->handle);
1413 list_replace_rcu(&fold->list, &fnew->list);
1414 tcf_unbind_filter(tp, &fold->res);
1415 tcf_exts_get_net(&fold->exts);
1416 tcf_queue_work(&fold->rwork, fl_destroy_filter_work);
1417 } else {
1418 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1419 }
1420
1421 kfree(tb);
1422 kfree(mask);
1423 return 0;
1424
1425 errout_mask_ht:
1426 rhashtable_remove_fast(&fnew->mask->ht, &fnew->ht_node,
1427 fnew->mask->filter_ht_params);
1428
1429 errout_idr:
1430 if (!fold)
1431 idr_remove(&head->handle_idr, fnew->handle);
1432
1433 errout_mask:
1434 fl_mask_put(head, fnew->mask, false);
1435
1436 errout:
1437 tcf_exts_destroy(&fnew->exts);
1438 kfree(fnew);
1439 errout_tb:
1440 kfree(tb);
1441 errout_mask_alloc:
1442 kfree(mask);
1443 return err;
1444 }
1445
1446 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1447 bool rtnl_held, struct netlink_ext_ack *extack)
1448 {
1449 struct cls_fl_head *head = rtnl_dereference(tp->root);
1450 struct cls_fl_filter *f = arg;
1451
1452 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
1453 f->mask->filter_ht_params);
1454 __fl_delete(tp, f, extack);
1455 *last = list_empty(&head->masks);
1456 return 0;
1457 }
1458
1459 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg,
1460 bool rtnl_held)
1461 {
1462 struct cls_fl_head *head = rtnl_dereference(tp->root);
1463 struct cls_fl_filter *f;
1464
1465 arg->count = arg->skip;
1466
1467 while ((f = idr_get_next_ul(&head->handle_idr,
1468 &arg->cookie)) != NULL) {
1469 if (arg->fn(tp, f, arg) < 0) {
1470 arg->stop = 1;
1471 break;
1472 }
1473 arg->cookie = f->handle + 1;
1474 arg->count++;
1475 }
1476 }
1477
1478 static int fl_reoffload(struct tcf_proto *tp, bool add, tc_setup_cb_t *cb,
1479 void *cb_priv, struct netlink_ext_ack *extack)
1480 {
1481 struct cls_fl_head *head = rtnl_dereference(tp->root);
1482 struct tc_cls_flower_offload cls_flower = {};
1483 struct tcf_block *block = tp->chain->block;
1484 struct fl_flow_mask *mask;
1485 struct cls_fl_filter *f;
1486 int err;
1487
1488 list_for_each_entry(mask, &head->masks, list) {
1489 list_for_each_entry(f, &mask->filters, list) {
1490 if (tc_skip_hw(f->flags))
1491 continue;
1492
1493 cls_flower.rule =
1494 flow_rule_alloc(tcf_exts_num_actions(&f->exts));
1495 if (!cls_flower.rule)
1496 return -ENOMEM;
1497
1498 tc_cls_common_offload_init(&cls_flower.common, tp,
1499 f->flags, extack);
1500 cls_flower.command = add ?
1501 TC_CLSFLOWER_REPLACE : TC_CLSFLOWER_DESTROY;
1502 cls_flower.cookie = (unsigned long)f;
1503 cls_flower.rule->match.dissector = &mask->dissector;
1504 cls_flower.rule->match.mask = &mask->key;
1505 cls_flower.rule->match.key = &f->mkey;
1506
1507 err = tc_setup_flow_action(&cls_flower.rule->action,
1508 &f->exts);
1509 if (err) {
1510 kfree(cls_flower.rule);
1511 if (tc_skip_sw(f->flags)) {
1512 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
1513 return err;
1514 }
1515 continue;
1516 }
1517
1518 cls_flower.classid = f->res.classid;
1519
1520 err = cb(TC_SETUP_CLSFLOWER, &cls_flower, cb_priv);
1521 kfree(cls_flower.rule);
1522
1523 if (err) {
1524 if (add && tc_skip_sw(f->flags))
1525 return err;
1526 continue;
1527 }
1528
1529 tc_cls_offload_cnt_update(block, &f->in_hw_count,
1530 &f->flags, add);
1531 }
1532 }
1533
1534 return 0;
1535 }
1536
1537 static int fl_hw_create_tmplt(struct tcf_chain *chain,
1538 struct fl_flow_tmplt *tmplt)
1539 {
1540 struct tc_cls_flower_offload cls_flower = {};
1541 struct tcf_block *block = chain->block;
1542
1543 cls_flower.rule = flow_rule_alloc(0);
1544 if (!cls_flower.rule)
1545 return -ENOMEM;
1546
1547 cls_flower.common.chain_index = chain->index;
1548 cls_flower.command = TC_CLSFLOWER_TMPLT_CREATE;
1549 cls_flower.cookie = (unsigned long) tmplt;
1550 cls_flower.rule->match.dissector = &tmplt->dissector;
1551 cls_flower.rule->match.mask = &tmplt->mask;
1552 cls_flower.rule->match.key = &tmplt->dummy_key;
1553
1554 /* We don't care if driver (any of them) fails to handle this
1555 * call. It serves just as a hint for it.
1556 */
1557 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
1558 kfree(cls_flower.rule);
1559
1560 return 0;
1561 }
1562
1563 static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
1564 struct fl_flow_tmplt *tmplt)
1565 {
1566 struct tc_cls_flower_offload cls_flower = {};
1567 struct tcf_block *block = chain->block;
1568
1569 cls_flower.common.chain_index = chain->index;
1570 cls_flower.command = TC_CLSFLOWER_TMPLT_DESTROY;
1571 cls_flower.cookie = (unsigned long) tmplt;
1572
1573 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
1574 }
1575
1576 static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
1577 struct nlattr **tca,
1578 struct netlink_ext_ack *extack)
1579 {
1580 struct fl_flow_tmplt *tmplt;
1581 struct nlattr **tb;
1582 int err;
1583
1584 if (!tca[TCA_OPTIONS])
1585 return ERR_PTR(-EINVAL);
1586
1587 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1588 if (!tb)
1589 return ERR_PTR(-ENOBUFS);
1590 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1591 fl_policy, NULL);
1592 if (err)
1593 goto errout_tb;
1594
1595 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
1596 if (!tmplt) {
1597 err = -ENOMEM;
1598 goto errout_tb;
1599 }
1600 tmplt->chain = chain;
1601 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
1602 if (err)
1603 goto errout_tmplt;
1604
1605 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
1606
1607 err = fl_hw_create_tmplt(chain, tmplt);
1608 if (err)
1609 goto errout_tmplt;
1610
1611 kfree(tb);
1612 return tmplt;
1613
1614 errout_tmplt:
1615 kfree(tmplt);
1616 errout_tb:
1617 kfree(tb);
1618 return ERR_PTR(err);
1619 }
1620
1621 static void fl_tmplt_destroy(void *tmplt_priv)
1622 {
1623 struct fl_flow_tmplt *tmplt = tmplt_priv;
1624
1625 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
1626 kfree(tmplt);
1627 }
1628
1629 static int fl_dump_key_val(struct sk_buff *skb,
1630 void *val, int val_type,
1631 void *mask, int mask_type, int len)
1632 {
1633 int err;
1634
1635 if (!memchr_inv(mask, 0, len))
1636 return 0;
1637 err = nla_put(skb, val_type, len, val);
1638 if (err)
1639 return err;
1640 if (mask_type != TCA_FLOWER_UNSPEC) {
1641 err = nla_put(skb, mask_type, len, mask);
1642 if (err)
1643 return err;
1644 }
1645 return 0;
1646 }
1647
1648 static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key,
1649 struct fl_flow_key *mask)
1650 {
1651 if (fl_dump_key_val(skb, &key->tp_min.dst, TCA_FLOWER_KEY_PORT_DST_MIN,
1652 &mask->tp_min.dst, TCA_FLOWER_UNSPEC,
1653 sizeof(key->tp_min.dst)) ||
1654 fl_dump_key_val(skb, &key->tp_max.dst, TCA_FLOWER_KEY_PORT_DST_MAX,
1655 &mask->tp_max.dst, TCA_FLOWER_UNSPEC,
1656 sizeof(key->tp_max.dst)) ||
1657 fl_dump_key_val(skb, &key->tp_min.src, TCA_FLOWER_KEY_PORT_SRC_MIN,
1658 &mask->tp_min.src, TCA_FLOWER_UNSPEC,
1659 sizeof(key->tp_min.src)) ||
1660 fl_dump_key_val(skb, &key->tp_max.src, TCA_FLOWER_KEY_PORT_SRC_MAX,
1661 &mask->tp_max.src, TCA_FLOWER_UNSPEC,
1662 sizeof(key->tp_max.src)))
1663 return -1;
1664
1665 return 0;
1666 }
1667
1668 static int fl_dump_key_mpls(struct sk_buff *skb,
1669 struct flow_dissector_key_mpls *mpls_key,
1670 struct flow_dissector_key_mpls *mpls_mask)
1671 {
1672 int err;
1673
1674 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
1675 return 0;
1676 if (mpls_mask->mpls_ttl) {
1677 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
1678 mpls_key->mpls_ttl);
1679 if (err)
1680 return err;
1681 }
1682 if (mpls_mask->mpls_tc) {
1683 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
1684 mpls_key->mpls_tc);
1685 if (err)
1686 return err;
1687 }
1688 if (mpls_mask->mpls_label) {
1689 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
1690 mpls_key->mpls_label);
1691 if (err)
1692 return err;
1693 }
1694 if (mpls_mask->mpls_bos) {
1695 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
1696 mpls_key->mpls_bos);
1697 if (err)
1698 return err;
1699 }
1700 return 0;
1701 }
1702
1703 static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
1704 struct flow_dissector_key_ip *key,
1705 struct flow_dissector_key_ip *mask)
1706 {
1707 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
1708 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
1709 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
1710 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
1711
1712 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
1713 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
1714 return -1;
1715
1716 return 0;
1717 }
1718
1719 static int fl_dump_key_vlan(struct sk_buff *skb,
1720 int vlan_id_key, int vlan_prio_key,
1721 struct flow_dissector_key_vlan *vlan_key,
1722 struct flow_dissector_key_vlan *vlan_mask)
1723 {
1724 int err;
1725
1726 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
1727 return 0;
1728 if (vlan_mask->vlan_id) {
1729 err = nla_put_u16(skb, vlan_id_key,
1730 vlan_key->vlan_id);
1731 if (err)
1732 return err;
1733 }
1734 if (vlan_mask->vlan_priority) {
1735 err = nla_put_u8(skb, vlan_prio_key,
1736 vlan_key->vlan_priority);
1737 if (err)
1738 return err;
1739 }
1740 return 0;
1741 }
1742
1743 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
1744 u32 *flower_key, u32 *flower_mask,
1745 u32 flower_flag_bit, u32 dissector_flag_bit)
1746 {
1747 if (dissector_mask & dissector_flag_bit) {
1748 *flower_mask |= flower_flag_bit;
1749 if (dissector_key & dissector_flag_bit)
1750 *flower_key |= flower_flag_bit;
1751 }
1752 }
1753
1754 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
1755 {
1756 u32 key, mask;
1757 __be32 _key, _mask;
1758 int err;
1759
1760 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
1761 return 0;
1762
1763 key = 0;
1764 mask = 0;
1765
1766 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1767 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
1768 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1769 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
1770 FLOW_DIS_FIRST_FRAG);
1771
1772 _key = cpu_to_be32(key);
1773 _mask = cpu_to_be32(mask);
1774
1775 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
1776 if (err)
1777 return err;
1778
1779 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
1780 }
1781
1782 static int fl_dump_key_geneve_opt(struct sk_buff *skb,
1783 struct flow_dissector_key_enc_opts *enc_opts)
1784 {
1785 struct geneve_opt *opt;
1786 struct nlattr *nest;
1787 int opt_off = 0;
1788
1789 nest = nla_nest_start(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
1790 if (!nest)
1791 goto nla_put_failure;
1792
1793 while (enc_opts->len > opt_off) {
1794 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
1795
1796 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
1797 opt->opt_class))
1798 goto nla_put_failure;
1799 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
1800 opt->type))
1801 goto nla_put_failure;
1802 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
1803 opt->length * 4, opt->opt_data))
1804 goto nla_put_failure;
1805
1806 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
1807 }
1808 nla_nest_end(skb, nest);
1809 return 0;
1810
1811 nla_put_failure:
1812 nla_nest_cancel(skb, nest);
1813 return -EMSGSIZE;
1814 }
1815
1816 static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
1817 struct flow_dissector_key_enc_opts *enc_opts)
1818 {
1819 struct nlattr *nest;
1820 int err;
1821
1822 if (!enc_opts->len)
1823 return 0;
1824
1825 nest = nla_nest_start(skb, enc_opt_type);
1826 if (!nest)
1827 goto nla_put_failure;
1828
1829 switch (enc_opts->dst_opt_type) {
1830 case TUNNEL_GENEVE_OPT:
1831 err = fl_dump_key_geneve_opt(skb, enc_opts);
1832 if (err)
1833 goto nla_put_failure;
1834 break;
1835 default:
1836 goto nla_put_failure;
1837 }
1838 nla_nest_end(skb, nest);
1839 return 0;
1840
1841 nla_put_failure:
1842 nla_nest_cancel(skb, nest);
1843 return -EMSGSIZE;
1844 }
1845
1846 static int fl_dump_key_enc_opt(struct sk_buff *skb,
1847 struct flow_dissector_key_enc_opts *key_opts,
1848 struct flow_dissector_key_enc_opts *msk_opts)
1849 {
1850 int err;
1851
1852 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
1853 if (err)
1854 return err;
1855
1856 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
1857 }
1858
1859 static int fl_dump_key(struct sk_buff *skb, struct net *net,
1860 struct fl_flow_key *key, struct fl_flow_key *mask)
1861 {
1862 if (mask->indev_ifindex) {
1863 struct net_device *dev;
1864
1865 dev = __dev_get_by_index(net, key->indev_ifindex);
1866 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
1867 goto nla_put_failure;
1868 }
1869
1870 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1871 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1872 sizeof(key->eth.dst)) ||
1873 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1874 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1875 sizeof(key->eth.src)) ||
1876 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
1877 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
1878 sizeof(key->basic.n_proto)))
1879 goto nla_put_failure;
1880
1881 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
1882 goto nla_put_failure;
1883
1884 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
1885 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
1886 goto nla_put_failure;
1887
1888 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
1889 TCA_FLOWER_KEY_CVLAN_PRIO,
1890 &key->cvlan, &mask->cvlan) ||
1891 (mask->cvlan.vlan_tpid &&
1892 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1893 key->cvlan.vlan_tpid)))
1894 goto nla_put_failure;
1895
1896 if (mask->basic.n_proto) {
1897 if (mask->cvlan.vlan_tpid) {
1898 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1899 key->basic.n_proto))
1900 goto nla_put_failure;
1901 } else if (mask->vlan.vlan_tpid) {
1902 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1903 key->basic.n_proto))
1904 goto nla_put_failure;
1905 }
1906 }
1907
1908 if ((key->basic.n_proto == htons(ETH_P_IP) ||
1909 key->basic.n_proto == htons(ETH_P_IPV6)) &&
1910 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1911 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1912 sizeof(key->basic.ip_proto)) ||
1913 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
1914 goto nla_put_failure;
1915
1916 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1917 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1918 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1919 sizeof(key->ipv4.src)) ||
1920 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1921 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1922 sizeof(key->ipv4.dst))))
1923 goto nla_put_failure;
1924 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1925 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1926 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1927 sizeof(key->ipv6.src)) ||
1928 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1929 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1930 sizeof(key->ipv6.dst))))
1931 goto nla_put_failure;
1932
1933 if (key->basic.ip_proto == IPPROTO_TCP &&
1934 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1935 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1936 sizeof(key->tp.src)) ||
1937 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1938 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1939 sizeof(key->tp.dst)) ||
1940 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1941 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1942 sizeof(key->tcp.flags))))
1943 goto nla_put_failure;
1944 else if (key->basic.ip_proto == IPPROTO_UDP &&
1945 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1946 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1947 sizeof(key->tp.src)) ||
1948 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1949 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1950 sizeof(key->tp.dst))))
1951 goto nla_put_failure;
1952 else if (key->basic.ip_proto == IPPROTO_SCTP &&
1953 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1954 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1955 sizeof(key->tp.src)) ||
1956 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1957 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1958 sizeof(key->tp.dst))))
1959 goto nla_put_failure;
1960 else if (key->basic.n_proto == htons(ETH_P_IP) &&
1961 key->basic.ip_proto == IPPROTO_ICMP &&
1962 (fl_dump_key_val(skb, &key->icmp.type,
1963 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
1964 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1965 sizeof(key->icmp.type)) ||
1966 fl_dump_key_val(skb, &key->icmp.code,
1967 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
1968 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1969 sizeof(key->icmp.code))))
1970 goto nla_put_failure;
1971 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1972 key->basic.ip_proto == IPPROTO_ICMPV6 &&
1973 (fl_dump_key_val(skb, &key->icmp.type,
1974 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
1975 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1976 sizeof(key->icmp.type)) ||
1977 fl_dump_key_val(skb, &key->icmp.code,
1978 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
1979 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1980 sizeof(key->icmp.code))))
1981 goto nla_put_failure;
1982 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
1983 key->basic.n_proto == htons(ETH_P_RARP)) &&
1984 (fl_dump_key_val(skb, &key->arp.sip,
1985 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
1986 TCA_FLOWER_KEY_ARP_SIP_MASK,
1987 sizeof(key->arp.sip)) ||
1988 fl_dump_key_val(skb, &key->arp.tip,
1989 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
1990 TCA_FLOWER_KEY_ARP_TIP_MASK,
1991 sizeof(key->arp.tip)) ||
1992 fl_dump_key_val(skb, &key->arp.op,
1993 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
1994 TCA_FLOWER_KEY_ARP_OP_MASK,
1995 sizeof(key->arp.op)) ||
1996 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1997 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1998 sizeof(key->arp.sha)) ||
1999 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
2000 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
2001 sizeof(key->arp.tha))))
2002 goto nla_put_failure;
2003
2004 if ((key->basic.ip_proto == IPPROTO_TCP ||
2005 key->basic.ip_proto == IPPROTO_UDP ||
2006 key->basic.ip_proto == IPPROTO_SCTP) &&
2007 fl_dump_key_port_range(skb, key, mask))
2008 goto nla_put_failure;
2009
2010 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2011 (fl_dump_key_val(skb, &key->enc_ipv4.src,
2012 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
2013 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
2014 sizeof(key->enc_ipv4.src)) ||
2015 fl_dump_key_val(skb, &key->enc_ipv4.dst,
2016 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
2017 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
2018 sizeof(key->enc_ipv4.dst))))
2019 goto nla_put_failure;
2020 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2021 (fl_dump_key_val(skb, &key->enc_ipv6.src,
2022 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
2023 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
2024 sizeof(key->enc_ipv6.src)) ||
2025 fl_dump_key_val(skb, &key->enc_ipv6.dst,
2026 TCA_FLOWER_KEY_ENC_IPV6_DST,
2027 &mask->enc_ipv6.dst,
2028 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
2029 sizeof(key->enc_ipv6.dst))))
2030 goto nla_put_failure;
2031
2032 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
2033 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
2034 sizeof(key->enc_key_id)) ||
2035 fl_dump_key_val(skb, &key->enc_tp.src,
2036 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
2037 &mask->enc_tp.src,
2038 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
2039 sizeof(key->enc_tp.src)) ||
2040 fl_dump_key_val(skb, &key->enc_tp.dst,
2041 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
2042 &mask->enc_tp.dst,
2043 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
2044 sizeof(key->enc_tp.dst)) ||
2045 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
2046 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
2047 goto nla_put_failure;
2048
2049 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
2050 goto nla_put_failure;
2051
2052 return 0;
2053
2054 nla_put_failure:
2055 return -EMSGSIZE;
2056 }
2057
2058 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
2059 struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
2060 {
2061 struct cls_fl_filter *f = fh;
2062 struct nlattr *nest;
2063 struct fl_flow_key *key, *mask;
2064
2065 if (!f)
2066 return skb->len;
2067
2068 t->tcm_handle = f->handle;
2069
2070 nest = nla_nest_start(skb, TCA_OPTIONS);
2071 if (!nest)
2072 goto nla_put_failure;
2073
2074 if (f->res.classid &&
2075 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
2076 goto nla_put_failure;
2077
2078 key = &f->key;
2079 mask = &f->mask->key;
2080
2081 if (fl_dump_key(skb, net, key, mask))
2082 goto nla_put_failure;
2083
2084 if (!tc_skip_hw(f->flags))
2085 fl_hw_update_stats(tp, f);
2086
2087 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
2088 goto nla_put_failure;
2089
2090 if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count))
2091 goto nla_put_failure;
2092
2093 if (tcf_exts_dump(skb, &f->exts))
2094 goto nla_put_failure;
2095
2096 nla_nest_end(skb, nest);
2097
2098 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
2099 goto nla_put_failure;
2100
2101 return skb->len;
2102
2103 nla_put_failure:
2104 nla_nest_cancel(skb, nest);
2105 return -1;
2106 }
2107
2108 static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
2109 {
2110 struct fl_flow_tmplt *tmplt = tmplt_priv;
2111 struct fl_flow_key *key, *mask;
2112 struct nlattr *nest;
2113
2114 nest = nla_nest_start(skb, TCA_OPTIONS);
2115 if (!nest)
2116 goto nla_put_failure;
2117
2118 key = &tmplt->dummy_key;
2119 mask = &tmplt->mask;
2120
2121 if (fl_dump_key(skb, net, key, mask))
2122 goto nla_put_failure;
2123
2124 nla_nest_end(skb, nest);
2125
2126 return skb->len;
2127
2128 nla_put_failure:
2129 nla_nest_cancel(skb, nest);
2130 return -EMSGSIZE;
2131 }
2132
2133 static void fl_bind_class(void *fh, u32 classid, unsigned long cl)
2134 {
2135 struct cls_fl_filter *f = fh;
2136
2137 if (f && f->res.classid == classid)
2138 f->res.class = cl;
2139 }
2140
2141 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
2142 .kind = "flower",
2143 .classify = fl_classify,
2144 .init = fl_init,
2145 .destroy = fl_destroy,
2146 .get = fl_get,
2147 .change = fl_change,
2148 .delete = fl_delete,
2149 .walk = fl_walk,
2150 .reoffload = fl_reoffload,
2151 .dump = fl_dump,
2152 .bind_class = fl_bind_class,
2153 .tmplt_create = fl_tmplt_create,
2154 .tmplt_destroy = fl_tmplt_destroy,
2155 .tmplt_dump = fl_tmplt_dump,
2156 .owner = THIS_MODULE,
2157 };
2158
2159 static int __init cls_fl_init(void)
2160 {
2161 return register_tcf_proto_ops(&cls_fl_ops);
2162 }
2163
2164 static void __exit cls_fl_exit(void)
2165 {
2166 unregister_tcf_proto_ops(&cls_fl_ops);
2167 }
2168
2169 module_init(cls_fl_init);
2170 module_exit(cls_fl_exit);
2171
2172 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
2173 MODULE_DESCRIPTION("Flower classifier");
2174 MODULE_LICENSE("GPL v2");
A mirror of Linus' kernel repository